AWS Networking Flashcards
What is VPC?
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.
The easiest way to describe a VPC is as your own private data center within the AWS infrastructure. You get to decide the network addresses that you will use throughout your infrastructure. Since this is your network, you can decide to slice it up any way you prefer.
How many VPCs can you create?
Five per region by default. This is a soft quota, not a hard limit; it can be raised through Service Quotas.
What must you specify when you create a VPC?
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16.
The block must be between /16 and /28. The primary CIDR block cannot be changed after the VPC has been created; what you can do is associate additional (secondary) IPv4 CIDR blocks with the VPC, as long as they do not overlap with any block already in the VPC.
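As an added example (not part of the original flashcards), the following Python uses only the standard library to plan a VPC block: it checks the /16 to /28 constraint, carves the block into one subnet per AZ and tier, computes usable addresses (AWS reserves the first four and the last address of every subnet), and checks whether a candidate secondary CIDR overlaps anything already in the VPC. The tier names, the AZ count and the CIDRs are constructed sample input.

```python
from __future__ import annotations
import ipaddress

# AWS reserves 5 addresses per subnet: network address, VPC router, DNS,
# one reserved for future use, and the broadcast address.
RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Return the network, or raise if it cannot be a VPC block (/16 to /28)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"VPC CIDR {cidr} must be between /16 and /28")
    return net


def plan_subnets(vpc_cidr: str, az_count: int, tiers: list[str],
                 new_prefix: int) -> dict[str, str]:
    """Carve the VPC block into one subnet per (tier, AZ) at the given prefix length.

    Subnet names are constructed here for illustration (e.g. "public-az0").
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= new_prefix <= 28:
        raise ValueError(f"subnet prefix /{new_prefix} must be between /{vpc.prefixlen} and /28")
    pieces = vpc.subnets(new_prefix=new_prefix)
    plan: dict[str, str] = {}
    for tier in tiers:
        for az in range(az_count):
            try:
                plan[f"{tier}-az{az}"] = str(next(pieces))
            except StopIteration:
                raise ValueError(f"{vpc_cidr} is too small for "
                                 f"{len(tiers) * az_count} x /{new_prefix} subnets") from None
    return plan


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses an instance can actually take in the subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def can_add_secondary_cidr(primary: str, existing: list[str], candidate: str) -> bool:
    """A secondary block may be associated only if it overlaps nothing already in the VPC.

    Overlap is the check shown here; AWS applies further per-range restrictions
    that are not modelled.
    """
    cand = validate_vpc_cidr(candidate)
    return not any(cand.overlaps(ipaddress.ip_network(c)) for c in [primary, *existing])


if __name__ == "__main__":
    layout = plan_subnets("10.0.0.0/16", az_count=2, tiers=["public", "private"], new_prefix=24)
    for name, cidr in layout.items():
        print(f"{name:12} {cidr:16} usable hosts: {usable_hosts(cidr)}")
    print("secondary 10.1.0.0/16 ok:", can_add_secondary_cidr("10.0.0.0/16", [], "10.1.0.0/16"))
    print("secondary 10.0.5.0/24 ok:", can_add_secondary_cidr("10.0.0.0/16", [], "10.0.5.0/24"))
```

Planning at the /16 boundary is deliberate: the primary block is permanent, so leaving room for more AZs and tiers than you need today avoids having to bolt on secondary blocks later.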
What is a public subnet?
Public subnets are subnets that have:
- A route to an Internet Gateway (IGW) in the subnet's route table. This is the defining property.
- Usually, “Auto-assign public IPv4 address” set to “Yes”, so instances launched there get a public IP. This setting alone does not make a subnet public: without the IGW route the assigned addresses are unreachable.
What are a few ways to securely connect to a VPC?
- AWS managed VPN (Site-to-Site VPN) – IPsec tunnels over the internet; fast to set up.
- Direct Connect – dedicated private link; high bandwidth, low latency, but takes weeks to months to provision. Not encrypted by default.
- VPN CloudHub – hub-and-spoke: multiple customer sites connect to the same virtual private gateway and can reach each other as well as the VPC.
- Software VPN – a third-party VPN appliance that you run on EC2 and manage yourself.
What is the IGW?
You don’t have to define IP addresses when you set up your IGW, and redundancy and scaling of the gateway are handled by AWS. All you need to do is create one, attach it to the VPC, and add a route to it in the route table of each subnet that should be public.
For an instance to be reachable from the internet through the IGW, it must be in a subnet whose route table has a route to the IGW, it must have a public IPv4 address (auto-assigned or an Elastic IP), and its security group and the subnet's NACL must allow the traffic. The IGW performs one-to-one NAT between the instance's private address and its public address, so without a public IP there is nothing for inbound traffic to reach.
What is the NGW?
Similar to the IGW, redundancy and scaling are handled by AWS. You create the NGW in a public subnet (one that has a route to the IGW), allocate an Elastic IP for it, and add a 0.0.0.0/0 route pointing at the NGW in the route table of the private subnets.
By using a NGW, you allow instances in private subnets outbound access to the internet while the NGW, which does not accept unsolicited inbound connections, keeps them unreachable from outside.
Use an NGW when instances should not be exposed to the outside world and should not have a public IP address, but still need outbound access, for example for package updates or for calling AWS APIs that have no VPC endpoint.
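The three cards above (public subnet, IGW, NGW) amount to an audit rule: a subnet is public only if its route table has an IGW route, and an instance is internet-reachable only if it sits in such a subnet and has a public IP. As an added example that is not part of the original flashcards, the Python below applies that rule to constructed data shaped like the boto3 responses of ec2.describe_route_tables(), ec2.describe_subnets() and ec2.describe_instances() (the shapes are the real ones; the IDs and addresses are made up). It classifies each subnet as public, private-with-NAT (NAT gateway or NAT instance) or isolated, and flags instances that are exposed, instances given a public IP in a subnet with no IGW route, and subnets with auto-assign enabled but no IGW route.

```python
from __future__ import annotations

# Constructed sample, shaped like ec2.describe_route_tables()["RouteTables"].
ROUTE_TABLES = [
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"}]},
    # Main table: applies to every subnet without an explicit association.
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
# Constructed sample, shaped like ec2.describe_subnets()["Subnets"].
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv-a", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-iso-a", "MapPublicIpOnLaunch": True},   # auto-assign on, no IGW route
]
# Constructed sample, flattened from ec2.describe_instances() reservations.
INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-pub-a", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-app", "SubnetId": "subnet-priv-a"},
    {"InstanceId": "i-odd", "SubnetId": "subnet-iso-a", "PublicIpAddress": "203.0.113.11"},
]


def route_table_for(subnet_id: str, route_tables: list[dict]) -> dict:
    """Explicit subnet association wins; otherwise the VPC's main route table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))


def classify_subnet(subnet_id: str, route_tables: list[dict]) -> str:
    """'public' (IGW route), 'private-nat' (NAT gateway or NAT instance), or 'isolated'."""
    routes = route_table_for(subnet_id, route_tables)["Routes"]
    # Any route targeting an IGW makes the subnet public, whatever its destination prefix.
    if any(r.get("GatewayId", "").startswith("igw-") for r in routes):
        return "public"
    for r in routes:
        # NatGatewayId = NAT gateway; InstanceId / NetworkInterfaceId = NAT instance.
        if r.get("NatGatewayId") or r.get("InstanceId") or r.get("NetworkInterfaceId"):
            return "private-nat"
    return "isolated"


def internet_reachable(instance: dict, route_tables: list[dict]) -> bool:
    """Reachable from the internet only with both an IGW route and a public IP
    (security groups and NACLs must still allow the traffic; not modelled here)."""
    return (classify_subnet(instance["SubnetId"], route_tables) == "public"
            and "PublicIpAddress" in instance)


def audit(subnets: list[dict], instances: list[dict], route_tables: list[dict]) -> dict[str, list[str]]:
    """Return finding lists keyed by finding name."""
    kind = {s["SubnetId"]: classify_subnet(s["SubnetId"], route_tables) for s in subnets}
    return {
        "internet_reachable": [i["InstanceId"] for i in instances
                               if internet_reachable(i, route_tables)],
        "public_ip_without_igw_route": [i["InstanceId"] for i in instances
                                        if "PublicIpAddress" in i and kind[i["SubnetId"]] != "public"],
        "auto_assign_without_igw_route": [s["SubnetId"] for s in subnets
                                          if s["MapPublicIpOnLaunch"] and kind[s["SubnetId"]] != "public"],
    }


if __name__ == "__main__":
    for s in SUBNETS:
        print(s["SubnetId"], "->", classify_subnet(s["SubnetId"], ROUTE_TABLES))
    for name, ids in audit(SUBNETS, INSTANCES, ROUTE_TABLES).items():
        print(f"{name}: {ids}")
```

Against a real account, replace the three constants with the corresponding boto3 calls (paginated) and feed the results to audit(); the instance i-odd illustrates the second bullet of the public-subnet card, a public IP that nothing can reach because the main route table has no IGW route.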
What is the VPC Wizard?
The VPC Wizard can be used to create the following four configurations:
- VPC with a single Public Subnet
- VPC with Public and Private Subnets
- VPC with Public and Private Subnets and Hardware VPN
- VPC with a Private Subnet Only and Hardware VPN Access
What is the difference between NACLs and Security Groups?
Network Access Control Lists (NACLs) provide a firewall layer at the subnet level. They support allow AND deny rules. They are stateless, so return traffic must be allowed explicitly (typically with a rule for the ephemeral port range). Rules are evaluated in ascending rule-number order and the first match wins; the final “*” rule denies anything unmatched.
Security Groups provide a firewall layer at the instance (network interface) level. They support allow rules ONLY; anything not explicitly allowed is denied. They are stateful, so replies to allowed traffic pass regardless of the rules in the other direction. All rules are evaluated before a decision is made, so rule order is irrelevant.
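The differences on this card are easiest to see by simulating both evaluation models. The Python below is an added example, not part of the original flashcards: it models NACL evaluation (ordered by rule number, first match wins, allow or deny, stateless, implicit deny) and security-group evaluation (allow only, any match, stateful via a flow table). The constructed scenario is an SSH session where the NACL inbound rule admits port 22 but the outbound NACL forgot the ephemeral range, so the server's replies are dropped even though the security group, having tracked the flow, would let them through. The addresses, ports and rule numbers are made up; ICMP and non-port protocols are not modelled.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)


@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp", "udp" or "all"
    cidr: str              # peer CIDR: source for inbound rules, destination for outbound
    port_from: int
    port_to: int
    action: str = "allow"  # NACL rules may be "deny"; security-group rules are always "allow"
    number: int = 0        # NACL rule number; ignored for security groups


def _matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    """Port ranges apply to the packet's destination port in both directions."""
    peer = pkt.src if direction == "inbound" else pkt.dst
    return (rule.proto in ("all", pkt.proto)
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= pkt.dport <= rule.port_to)


def nacl_allows(rules: list[Rule], pkt: Packet, direction: str) -> bool:
    """Stateless: the lowest-numbered matching rule decides; the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, pkt, direction):
            return rule.action == "allow"
    return False


class SecurityGroup:
    """Stateful and allow-only: every rule is considered; replies to tracked flows always pass."""

    def __init__(self, inbound: list[Rule], outbound: list[Rule]) -> None:
        self.inbound, self.outbound = inbound, outbound
        self.tracked: set[Packet] = set()

    def allows(self, pkt: Packet, direction: str) -> bool:
        if pkt.reply() in self.tracked:          # reply to a flow admitted earlier
            return True
        rules = self.inbound if direction == "inbound" else self.outbound
        if any(_matches(r, pkt, direction) for r in rules):
            self.tracked.add(pkt)
            return True
        return False                             # no allow rule matched: implicit deny


# Constructed scenario: admin at 203.0.113.5 opens SSH to a 10.0.1.10 instance.
NACL_IN = [Rule("tcp", "0.0.0.0/0", 22, 22, "allow", 100)]
NACL_OUT_BROKEN = [Rule("tcp", "0.0.0.0/0", 443, 443, "allow", 100)]   # no ephemeral range
NACL_OUT_FIXED = NACL_OUT_BROKEN + [Rule("tcp", "0.0.0.0/0", 1024, 65535, "allow", 110)]
# Deny at 200 never fires because 100 already allowed the packet.
ORDERED = [Rule("tcp", "0.0.0.0/0", 22, 22, "allow", 100),
           Rule("tcp", "198.51.100.0/24", 22, 22, "deny", 200)]


def make_sg() -> SecurityGroup:
    # Empty outbound list on purpose: shows that the reply still passes statefully.
    return SecurityGroup(inbound=[Rule("tcp", "203.0.113.0/24", 22, 22)], outbound=[])


def ssh_session(nacl_in: list[Rule], nacl_out: list[Rule], sg: SecurityGroup) -> dict[str, dict[str, bool]]:
    """Verdict of each layer for the SYN and for the server's reply."""
    req = Packet("tcp", "203.0.113.5", 51515, "10.0.1.10", 22)
    rep = req.reply()
    return {
        "request": {"nacl": nacl_allows(nacl_in, req, "inbound"), "sg": sg.allows(req, "inbound")},
        "reply": {"nacl": nacl_allows(nacl_out, rep, "outbound"), "sg": sg.allows(rep, "outbound")},
    }


if __name__ == "__main__":
    print("broken NACL:", ssh_session(NACL_IN, NACL_OUT_BROKEN, make_sg()))
    print("fixed NACL: ", ssh_session(NACL_IN, NACL_OUT_FIXED, make_sg()))
    probe = Packet("tcp", "198.51.100.7", 40000, "10.0.1.10", 22)
    print("deny after allow is dead:", nacl_allows(ORDERED, probe, "inbound"))
```

Two practical consequences follow from the simulation: a NACL deny must carry a lower rule number than the allow it is meant to override, and every NACL that admits inbound traffic needs a matching outbound ephemeral-port rule (and vice versa), which is why NACLs are usually kept coarse and the per-port policy lives in security groups.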
What is a NAT instance?
They are EC2 instances, placed in a public subnet, that enable private subnet instances to access the Internet. Source/destination checking must be disabled on the instance so that it will forward traffic not addressed to itself.
NAT instances are managed by you: patching, sizing, and failover are your responsibility, and a single NAT instance is a single point of failure and a bandwidth bottleneck.
What are NAT Gateways?
NAT gateways are highly available within the AZ into which they are deployed. They are AZ-scoped, so to survive an AZ outage deploy one per AZ and route each private subnet to the NAT gateway in its own AZ.
NAT gateways are managed for you by AWS.
What is Direct Connect?
AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on-premises sites to AWS.
Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network. The link is private but not encrypted by default; where confidentiality is required, use MACsec on supported dedicated connections or run a Site-to-Site VPN over the Direct Connect link.